From 4599b38ebf5e36495c50ed73ee4149ddc3378841 Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Thu, 2 Jan 2025 10:27:21 -0500
Subject: [PATCH] Switching to a home-manager config did not fix it.
---
 nix/configuration/roles/gpg/default.nix | 70 ++++++++++++++---------
 nix/configuration/roles/gpg/files/gpg.asc | 27 +++++++++
 2 files changed, 71 insertions(+), 26 deletions(-)
 create mode 100644 nix/configuration/roles/gpg/files/gpg.asc
diff --git a/nix/configuration/roles/gpg/default.nix b/nix/configuration/roles/gpg/default.nix
index 38dc3ca..d4b8262 100644
--- a/nix/configuration/roles/gpg/default.nix
+++ b/nix/configuration/roles/gpg/default.nix
@@ -42,34 +42,53 @@
 home-manager.users.talexander = { pkgs, ... }: {
- home.file.".gnupg/scdaemon.conf" = {
- source = ./files/scdaemon.conf;
+ # home.file.".gnupg/scdaemon.conf" = {
+ # source = ./files/scdaemon.conf;
+ # };
+ programs.gpg = {
+ enable = true; # does this install a user-specific version of gnupg in addition to the system-wide package installed in configuration.nix?
+ # homedir = "${config.home.homeDirectory}/.gnupg";
+ publicKeys = [
+ {
+ source = ./files/gpg.asc;
+ trust = 5;
+ }
+ ];
+ settings = {
+ use-agent = true; # what relation does this have to the settings in configuration.nix and also to the home-manager gpg-agent settings below?
+ };
+ scdaemonSettings = {
+ disable-ccid = true; # disable gnupg's built-in smartcard reader function in order to default to system's smartcard reader (pcsclite package)
+ };
+ };
+
+ services.gpg-agent = {
+ enable = true;
+ enableSshSupport = true;
+ enableZshIntegration = true;
+ enableScDaemon = true; # what relation does this have with the scdaemon setting above and/or in configuration.nix?
+ pinentryPackage = pkgs.pinentry-qt;
+ defaultCacheTtl = 60;
+ maxCacheTtl = 120;
+ extraConfig = ''
+ ttyname $GPG_TTY
+ '';
 };
 };
- # programs.gnupg.dirmngr.enable = true;
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- pinentryPackage = pkgs.pinentry-qt;
- # settings = {
- # disable-ccid = true;
- # };
- };
-
- environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
- hideMounts = true;
- users.talexander = {
- directories = [
- {
- directory = ".gnupg";
- user = "talexander";
- group = "talexander";
- mode = "0700";
- } # Local keyring
- ];
- };
- };
+ # environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
+ # hideMounts = true;
+ # users.talexander = {
+ # directories = [
+ # {
+ # directory = ".gnupg";
+ # user = "talexander";
+ # group = "talexander";
+ # mode = "0700";
+ # } # Local keyring
+ # ];
+ # };
+ # };
 # nixpkgs.overlays = [
 # (final: prev: {
@@ -122,5 +141,4 @@
 # })
 # ];
- programs.gnupg.agent.enableExtraSocket = true;
 }
diff --git a/nix/configuration/roles/gpg/files/gpg.asc b/nix/configuration/roles/gpg/files/gpg.asc
new file mode 100644
index 0000000..e23cef4
--- /dev/null
+++ b/nix/configuration/roles/gpg/files/gpg.asc
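Review bot: The `extraConfig` block added to `services.gpg-agent` (`ttyname $GPG_TTY`) will not do what it looks like: gpg-agent.conf is not shell-expanded, so `$GPG_TTY` lands in the file literally, and `ttyname` is not a gpg-agent.conf option as far as I know (the client passes the tty per session), so expect an "invalid option" complaint in the agent log. Since `enableZshIntegration = true` is already set and home-manager's zsh integration exports `GPG_TTY` for the shell (worth confirming against your home-manager version), I would drop the three `extraConfig` lines entirely. `trust = 5` is ultimate owner trust, fine for your own key but worth a comment such as `trust = 5; # ultimate: this is my own key`. On the question in the `use-agent` comment: it has been a no-op since GnuPG 2.1, gpg always goes through the agent, so the line can go or carry `# obsolete since GnuPG 2.1, harmless`. With the `.gnupg` persistence entry now commented out, the trustdb and smartcard key stubs created at activation will not survive a reboot on an impermanence setup; if that is intended it deserves a note, and while the `home-manager.users.talexander` attribute closes inside this hunk, the surrounding module continues outside it.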
@@ -0,0 +1,27 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
+0H+RsWG0HlRvbSBBbGV4YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEE
+uEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w+R0CGwMFCwkIBwIGFQoJCAsCBBYCAwEC
+HgECF4AACgkQJ95A2bhFXBt6fgD+NOYnw9gz5K/q3H5LE/JvqzCSHezJmeGgif0C
+uU4m1/MA+gPDKME7syEtJsTpELEMrxWWpDW0tD/W1iJE7roGYPQPtB1Ub20gQWxl
+eGFuZGVyIDx0b21AZml6ei5idXp6PoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A
+2bhFXBsFAl2cFhoCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQJ95A2bhF
+XBvYJQEA19wc2s/bEKcnHONC3i8UikLFqZXyYoH6/MFjoAteU8sBAKpE7Qq0zbJb
+XWRESzK3u6p7/+kUqOeDltAuKXTe1FAGuDMEXZwWyhYJKwYBBAHaRw8BAQdAPyIL
+4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI9QQYFggAJgIbAhYhBLhIFZNj
+wod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2IAQZFggAHRYhBIHmRDmWdVAu
+sSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7ejJ4A/iq7N2mMhx+ovOXm1REo
+ASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZLuka/KVB/etkkJvDzvaTtiQQ
+QG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/EZ3/d8wxfA9E3Fb/1mt4c2Zr
+NnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/duA4lwsLuDMEXZwXARYJKwYB
+BAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+UiQb8x0k1z2DmTKIfgQYFggA
+JgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdZgAAoJECfeQNm4
+RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SBPG4VvrCzXrmlAP46wUjIRpkM
+rTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2cFygSCisGAQQBl1UBBQEBB0AO
+0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWIEgMBCAeIfgQYFggAJgIbDBYh
+BLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdY5AAoJECfeQNm4RVwbXscA
+/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcWd5t8APwIwcuFVZZA3yayhIxi
+3aqYpMRxpn2t6Nswax1MIM8DBQ==
+=dzEV
+-----END PGP PUBLIC KEY BLOCK-----